Description:

This update for wireshark to version 2.2.9 fixes several issues.

These security issues were fixed:

- CVE-2017-13767: The MSDP dissector could have gone into an infinite
loop. This was addressed by adding length validation (bsc#1056248).
- CVE-2017-13766: The Profinet I/O dissector could have crash with an
out-of-bounds write. This was addressed by adding string validation
(bsc#1056249).
- CVE-2017-13765: The IrCOMM dissector had a buffer over-read and
application crash. This was addressed by adding length validation
(bsc#1056251).
- CVE-2017-9766: PROFINET IO data with a high recursion depth allowed
remote attackers to cause a denial of service (stack exhaustion) in the
dissect_IODWriteReq function (bsc#1045341).
- CVE-2017-9617: Deeply nested DAAP data may have cause stack exhaustion
(uncontrolled recursion) in the dissect_daap_one_tag function in the
DAAP dissector (bsc#1044417).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: